The Securities and Exchange Commission (SEC) is asking hacked firms to provide details on their breaches in which hackers may have stolen emails to use for insider trading. Experts believe the investigation inquiry was prompted by a FireEye report about a sophisticated hacking group dubbed “FIN4.”
The hacking collective used spear phishing tactics and targeted healthcare and pharmaceutical companies because the volatility of their stock value makes them potentially more profitable, according to report.
John Reed Stark, former head of internet enforcement at the SEC, told Reuters in an exclusive report that this an “absolute first” for the SEC to ask companies to disclose information concerning breaches. Stark explained that the SEC is interested because “failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading.”
At least eight listed companies have been asked to provide details of their data breaches.